The Sarbanes-Oxley Act and Incentive Compensation Management. What Sarbanes-Oxley Means for the Future and How Companies can Prepare for it Now




Executive Summary

The Sarbanes-Oxley Act of 2002 has been described as the most sweeping piece of legislation to impact corporate governance, disclosure and accounting since the Securities Act of 1934. It's all that and more. Passed in response to the liberties that executives at Enron, WorldCom, Global Crossing, Adelphia and other troubled companies had been taking to make their numbers look good and their wallets fatter, Sarbanes-Oxley is intended to provide better protection to investors by improving the accuracy and reliability of corporate reporting and financial disclosures.

Specifically, Sarbanes-Oxley attempts to achieve this goal by legislating:

- An increased degree of transparency in corporate accounting and reporting,
- Personal responsibility on the part of top executives and board members regarding the accuracy of financial statements their companies release, and
- A greater emphasis and a new structural framework around efforts to prevent, detect, investigate and remediate fraud and misconduct.

To achieve these goals, Sarbanes-Oxley requires companies to document the controls that have a bearing on financial reporting, then to test them and report on any gaps and/or deficiencies. Since Sales and Cost of Sales can have a significant impact on a company's statement of earnings, incentive compensation management comes into focus as a business process with strong exposure for companies that are actively seeking to reduce their risk of Sarbanes-Oxley non-compliance. Consider:

- Most companies spend a significant amount of money to incent employees and business partners, but do a poor job monitoring, auditing and controlling these expenditures with spreadsheets and manual processes.
- Studies have shown that companies typically overpay incentives by 3-10%, which amounts to a poor use of corporate resources and a loss of value to shareholders. You only hear about underpayments and almost never about overpayments.
- Proper incentive compensation management typically results in appropriate tracking and accounting of revenue transactions, which are critical to the accuracy and accountability of the bottom line.
- Tying incentive payments for executives, other employees and channel partners to well-documented sales performance is a key to good corporate governance, and demonstrates alignment of compensation to shareholder interests.

Let's also not forget that managing incentives correctly can help optimize and drive additional revenues, which is also good corporate governance.

Getting From Here to There

Most responsible executives and business managers understand and embrace the goals of Sarbanes-Oxley, but many have concerns about their implementation. The 66-page law is chaotic and offers few guidelines for getting from here to there. It contains obscure references, problematic language and what often appear to be overlapping rules.

Part of industry's concern about Sarbanes-Oxley is simply a knee-jerk reaction to new rules, regulations and responsibilities of any sort. Part comes from the scope of the law itself, which is very broad, and indeed daunting. Additionally, Sarbanes-Oxley relies heavily on the concept of materiality, a term that is not very specifically defined and is subject to interpretation.

Then there is the cost of compliance. Many companies have already experienced more than a doubling of their auditing bills and more than a few are wondering if the cost justifies the means. One CEO attending the January 2004 World Economic Forum in Davos, Switzerland put it this way: Corporate America is spending an awful lot of money on internal controls that are not benefiting shareholders.

Finally, there is a belief that bad people do bad things, and that no amount of regulation or legislation, Sarbanes-Oxley or not, can guarantee ethical behavior.

While no one downplays the difficulties of meeting the requirements of Sarbanes-Oxley, the process itself can yield major benefits. Past SEC Chairman William Donaldson elaborates: If companies view the new laws as opportunities - opportunities to improve internal controls, improve the performance of the board and improve their public reporting - they will ultimately be better run, more transparent and therefore more attractive to investors. This requires, of course, complying not only with the letter of the law but the spirit as well.

Corporations that embrace strong ethics, good governance and reliable reporting will have the opportunity to re-energize their operations and give their stockholders the reassurance they need and deserve. Moreover, if Sarbanes-Oxley compliance efforts are leveraged to include a hard look at existing business processes and systems, it's very likely the exercise will uncover complexities that can be simplified and operations that can be eliminated, yielding long-term cost savings that will drop straight through to the bottom line.

To help with this effort, members of the IT industry have come up with answers to many of the Sarbanes-Oxley challenges. Callidus Software's TrueComp, for example, can provide internal process control over the incentive compensation business process. It is a route many companies are taking to lower the risk of non-compliance with Sarbanes-Oxley and, at the same time, improve their corporate governance environments.

Translating Sarbanes-Oxley into Rules and Regulations

In order to facilitate the implementation of such sweeping reform, Sarbanes-Oxley established a rules-making body called the Public Company Accounting Oversight Board (PCAOB), which is tasked with interpreting the law into guidelines that can be deployed by the auditing community. One of the PCAOB's early rulings required outside accountants to establish auditing, quality control, ethics, independence and other standards relating to the preparation of audit reports for issuers.

In October of 2003, in one of its most impactful rulings to date, the PCAOB proposed a new auditing standard entitled "An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Reporting." This auditing standard, which was also accepted by the SEC in October of 2003, mandates that auditors review and establish that proper internal controls exist over all financially significant business processes as part of any effort to certify the financial reports themselves.

This ruling is significant for incentive compensation processes, which for many companies can involve millions of dollars. Despite their high cost and importance, many companies still manage these processes through manual spreadsheets and e-mail, or through legacy systems that are not optimized for Sarbanes-Oxley compliance.

The Need for Sophisticated, Computerized Controls

According to Sarbanes-Oxley, auditors are required to attest to the design and effectiveness of a company's internal controls. Many incentive compensation plans that are administered with spreadsheets and/or homegrown systems do not have the advantages of data management, flexible rules engines and Web-based results reporting. These systems will have limited effectiveness in the 21st Century.

Sales-related fraud, or even simply user errors that go undetected (which can occur in the absence of a proper system), can lead to understating expenses and overstating earnings, which can undermine the reliability of financial reporting and investor confidence in the results. Since sales and cost of sales are two significant items on the P&L, the accuracy of both numbers has a major impact on the statement of earnings. Companies that do not have sophisticated, computerized controls over their compensation processes, the kind that can pass a rigorous audit, are open to significant exposure.

If a restatement occurs and an investigation is initiated, there will likely be a request to provide compensation details in a timely manner. If details concerning incentive calculations are trapped in spreadsheets or reside in a system that lacks a proper audit trail and security, this poses a red flag to auditors. To establish sufficient internal process control over compensation management, a company should:

- Provide an archive of all transaction details for several years,
- Provide audit trails of all interactions within the compensation process,
- Be able to enforce/support policies and procedures through workflow and security, and
- Have established event-based alerts that notify management of potentially non-compliant transactions.

Identifying and Addressing Problems Prior to Audit

While all accelerated filers have now gone through the audit process once, many of these companies are now looking not just to meet the minimum standards but also to be more efficient and improve upon the ways they meet those standards. To do this job properly, many of the larger, more complex organizations are finding they need more powerful and versatile internal control applications that can be integrated with their other corporate systems.

In the absence of more specific direction from regulators, companies and auditors have turned to the Enterprise Risk Management Framework, first published by COSO in 1992, as their guideline for Sarbanes-Oxley related risk assessment. COSO, or the Committee of Sponsoring Organizations, is a group established in 1985 in an attempt to establish self-regulation over corporate governance issues for the Financial Services industry. COSO's framework has been approved by the SEC as an appropriate method for establishing internal process control assessment.

The COSO framework comprises five interrelated components to simplify management's task of administering and supervising all of the activities that go into a successful internal control structure:

- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

This means that compliance with Sarbanes-Oxley requires comprehensive review, documentation and testing of the internal controls that support significant financial statement line items.

The Industry Standard

To achieve this level of control over the incentive compensation process, many companies are turning to Callidus Software's TrueComp, which automates, standardizes and documents the business processes that result in sales and channel compensation. Among other things, TrueComp:

- Provides the data transparency that CFOs need to comply with the new corporate governance requirements,
- Establishes significant process control, reliability and audit trail,
- In many cases provides return on investment in less than a year, and
- Is fast becoming the industry standard for sales compensation as it relates to Sarbanes-Oxley.

Callidus Software's TrueComp supports compliance with Sarbanes-Oxley rules on internal controls and helps create a better overall corporate governance environment by adding security, reliability, predictability and auditability to the incentive compensation management business process.

Specifically, the system provides:

- End-to-end commission and incentive payment processing, from sales transactions to GL and payroll system integration.
- Secure workflow for processing, administration and approval of sales credits and compensation, including dispute resolution processes and exception handling.
- Detailed documentation of sales plans and compensation rules.
- Auditable records of changes to compensation plans, covering when they were made, who provided the authorization and the like.
- The capability to audit compensation history even if compensation plans change.
- Role-based security that controls access to information.
- Tracking and processing of special bonuses and other exception (one-off) payments.

Callidus TrueComp is being used by many Fortune 500 companies to establish internal process control over incentive compensation management, thereby reducing their risk of non-compliance with Sarbanes-Oxley. In conjunction with our customers, Callidus is working to fulfill the ongoing requirements of compliance with Sarbanes-Oxley, and ultimately deliver the benefits of tighter process control, reduced incentive compensation costs, and better alignment of incentive expenditures to shareholder interests.

Role of the CFO

The Sarbanes-Oxley Act of 2002 is changing the role of the CFO, who going forward will play a greater role in establishing tighter process control over all financially significant business processes. Even though Sarbanes-Oxley does not single out particular business processes for scrutiny, internal control over compensation management is directly relevant to compliance. Securing the process of paying people who are directly responsible for revenues lessens the chances of Sarbanes-Oxley related scrutiny by removing concerns about process control, fraud detection, and accuracy of reported information.

This means that incentive compensation management should be a corporate governance priority for every CFO and every organization. If the SEC should conduct an investigation, disclosure of complete and auditable incentive compensation records could go a long way toward alleviating any suspicion of wrong-doing.

Finally, establishing control of the compensation management process offers the added benefits of reducing overpayments, decreasing compensation administration costs, cutting the time it takes to resolve disputes and, most important of all, driving the appropriate behaviors to maximize growth, which should have a healthy effect on the bottom line and improve the overall corporate governance environment.

Addendum

Sarbanes-Oxley establishes many other new rules and regulations. Most attention has been and will continue to be focused on sections 302, 404 and 906.

Section 302 requires CEOs and CFOs to personally certify their company's financial statements and filings. They must affirm that they have the responsibility for establishing and enforcing the disclosure controls and procedures in use throughout their companies. They must certify that they have evaluated the effectiveness of the controls at the time of each quarterly filing, and they must inform their audit committee of any significant deficiencies, material weaknesses and/or acts of fraud.

Section 404 requires an annual evaluation of a company's internal controls and financial reporting procedures. The annual report distributed by publicly owned companies must include an internal control report stating that management is responsible for an adequate internal control structure. Companies must document controls that have a bearing on financial reporting, then test them and report on any gaps and/or deficiencies. In addition, the company's independent auditor must issue a report, to be included in the company's annual report, attesting to management's assertion on the effectiveness of the internal controls and procedures.

Section 906, which also involves the CEO and CFO, requires the two to certify that their quarterly and annual reports fully comply with key sections of the Securities Act of 1934, and that the information in those reports fairly presents the financial condition and operating results of the company. A CEO or CFO who knowingly submits a wrong certification will be subject to a fine of up to $1 million and imprisonment for up to ten years. For willfully submitting a wrong certification, the fine can be increased to $5 million and the prison term can go to 20 years.

About Callidus Software

Founded in 1996, Callidus Software Inc. (www.callidussoftware.com) is a leading enterprise incentive management (EIM) provider to global companies across multiple industries. Callidus' EIM systems allow enterprises to develop and manage incentive compensation linked to the achievement of strategic business objectives. Through its TrueComp Grid architecture, Callidus Software delivers the industry's only EIM solution that combines the power and scalability of grid computing with the flexibility of a rules-based interface. Customers/partners include AOL Time Warner Corporation, AT&T Wireless, BMC Software, CUNA Mutual, IBM, SBC Communications and Sun Microsystems. Callidus Software is publicly traded on the NASDAQ under the symbol CALD. For more information about Callidus, visit www.callidussoftware.com or call 408-808-6400.

Corporate Headquarters
Callidus Software Inc.
160 West Santa Clara Street, 15th Floor
San Jose, CA 95113
Tel 408-808-6400
Fax 408-271-2662
www.callidussoftware.com
info@callidussoftware.com

UK and European Headquarters
Callidus Software Ltd
Northfield House
11 Northfield End
Henley on Thames
Oxfordshire RG9 2JG
United Kingdom
Phone: +44 (0) 1491 413 131
Fax: +44 (0) 1491 575 160

© 1998-2006 Callidus Software Inc. All rights reserved. Callidus Software, the Callidus Software logo, Callidus TrueAnalytics, TrueChannel, TrueComp, TrueComp Datamart, TrueComp Grid, TrueComp Manager, TrueInformation, TrueIntegration, TruePerformance, TrueReferral, TrueResolution, TrueService and TrueSupport are trademarks of Callidus Software Inc. in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners. 04/06